Support Questions

Hi, I tried following the use case 3. I generated the certificates for all the hosts. When I ran the generateCmCa api, I'm running into this error:

Entering HTTP Operation: Method:POST, Path:/v41/cm/commands/generateCmca
INFO scm-web-77659:com.cloudera.cmf.service.ServiceHandlerRegistry: Executing Global command GenerateCMCACommand GenerateCmcaCmdArgs{sshPort=22, userName=REDACTED, password=REDACTED, passphrase=REDACTED, privateKey=REDACTED, customCA=true, interpretAsFilenames=true, additionalArguments=null, location=/opt/cloudera/CMCA}.
INFO scm-web-77659:com.cloudera.cmf.command.GenerateCmcaCommand: {CLUSTER_NAME} has Kerberos enabled and will be reconfigured to use SASL
INFO scm-web-77659:com.cloudera.cmf.command.flow.CmdStep: Executing command 1546436812 work: Execute 14 steps in sequence
INFO scm-web-77659:com.cloudera.cmf.command.flow.CmdStep: Executing command 1546436812 work: Generate a CMCA and enable Auto-TLS.
INFO scm-web-77659:com.cloudera.cmf.command.GenerateCmcaCmdWork: Determined CMCA location: /var/lib/cloudera-scm-server/certmanager
INFO scm-web-77659:com.cloudera.cmf.command.GenerateCmcaCmdWork: Modifying init file if present: /var/lib/cloudera-scm-server/certmanager/cm_init.txt
INFO scm-web-77659:com.cloudera.cmf.command.GenerateCmcaCmdWork: Generating CMCA
INFO scm-web-77659:com.cloudera.cmf.command.CertmanagerRunner: Running CMCA command with args: [setup_custom_certdir, --host-cert, REDACTED, --host-key, REDACTED, --ca-cert, REDACTED, --keystore-pw-file, /tmp/auto-tls/keys/key.pwd, --truststore-pw-file, REDACTED, --configure-services, --skip-cm-init, --override, keystore_type=jks]
ERROR scm-web-77659:com.cloudera.cmf.command.CertmanagerRunner: Failed to run CMCA command, return code: 1, stderr:
INFO:root:certmanager not running as root
INFO:root:Logging to /var/log/cloudera-scm-agent/certmanager.log
Traceback (most recent call last):
File "/opt/cloudera/cm-agent/bin/certmanager", line 11, in <module>
load_entry_point('cmf==7.6.7', 'console_scripts', 'certmanager')()
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 2857, in main
return certmanager(obj=argparse.Namespace())
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 716, in __call__
return self.main(*args, **kwargs)
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 696, in main
rv = self.invoke(ctx)
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 1060, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 889, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 534, in invoke
return callback(*args, **kwargs)
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/decorators.py", line 27, in new_func
return f(get_current_context().obj, *args, **kwargs)
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 2694, in setup_custom_certdir
truststore_password)
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 2014, in setup_server_with_custom_certs
self.copy_node_cert(None, hostname)
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 1798, in copy_node_cert
keystore_file, hostname, password)
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 1607, in _write_keystore_file
raise Exception("Failed to generate host pkcs12 file.")
Exception: Failed to generate host pkcs12 file.

WARN scm-web-77659:com.cloudera.cmf.command.flow.CmdStep: Command 1546436812 Unexpected exception during doWork
java.lang.IllegalStateException: Failed to run CMCA command, return code: 1


The ssh user has root permissions assigned. Can you help me with this please @upadhyayk04 

Thank you

Hi, yes it was a problem with incorrect pass phrase being passed to the keystorePassword.